<?php
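// Login entry point: checks the posted username/password against the `users`
// table and prints the movie list on success.
//
// NOTE(security): the database host and credentials are hard-coded here. They
// should be loaded from configuration kept outside the web root and rotated,
// because anyone who can read this file can reach the database directly.
$servername = "119.23.182.180";
$username = "srp";
$password = "srp";
$dbname = "movie";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    // Driver detail goes to the server log only; the response carries no
    // host, account or error text.
    error_log('movie login: database connection failed: ' . $conn->connect_error);
    die("连接失败");
}

// Read the form fields defensively: a missing field or a non-string value
// (for example a field submitted as an array) must not reach check_str().
$rawName = isset($_POST['movieusername']) ? $_POST['movieusername'] : '';
$rawPwd = isset($_POST['movieuserpassword']) ? $_POST['movieuserpassword'] : '';

$authenticated = false;
if (is_string($rawName) && is_string($rawPwd)) {
    // check_str() is kept only so input is normalised (substitution plus
    // 10-byte cut) the way it was before. It is NOT what protects the query:
    // the values below are sent as bound parameters and never become SQL text.
    // Bound values are compared literally, so the backslash check_str()
    // inserts for a single quote is no longer consumed by the SQL parser.
    $name = check_str($rawName);
    $pwd = check_str($rawPwd);

    // NOTE(security): comparing the password inside the statement implies it
    // is stored unhashed (verify against the schema). Moving to
    // password_hash()/password_verify() needs a schema and registration
    // change outside this file.
    $stmt = $conn->prepare("SELECT password FROM users WHERE username = ? AND password = ?");
    if ($stmt === false) {
        error_log('movie login: prepare failed: ' . $conn->error);
    } else {
        $stmt->bind_param('ss', $name, $pwd);
        if ($stmt->execute()) {
            // store_result() buffers the rows so num_rows is populated.
            $stmt->store_result();
            $authenticated = $stmt->num_rows > 0;
        } else {
            error_log('movie login: execute failed: ' . $stmt->error);
        }
        $stmt->close();
    }
}

// The statement text is deliberately not echoed: printing it put the
// submitted password and the table layout into the HTTP response.
$conn->close();

if ($authenticated) {
    show_movies();
} else {
    echo '错误的用户名或者密码';
}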



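/**
 * Print every row of the `movies` table as an HTML table ordered by year.
 *
 * Opens its own database connection, echoes the table header, one <tr> per
 * row (Id, Title, Year) and the closing </table>, then closes the connection.
 * Terminates the script with a generic message if the connection fails.
 *
 * @return void
 */
function show_movies(){
    // NOTE(security): same hard-coded host/credentials as the login code;
    // they belong in configuration outside the web root.
    $servername = "119.23.182.180";
    $username = "srp";
    $password = "srp";
    $dbname = "movie";

    // Create the connection.
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check the connection; log the detail instead of sending it to the client.
    if ($conn->connect_error) {
        error_log('show_movies: database connection failed: ' . $conn->connect_error);
        die("连接失败");
    }

    // Constant statement with no user input, so a plain query() is fine.
    // It is run once; the original executed it twice and discarded the first result.
    $sql = "SELECT Id, Title, Year FROM movies  ORDER By Year";
    $result = $conn->query($sql);

    echo "<table border='1'>
<tr>
<th>序号</th>
<th>电影名字</th>
<th>上映年代</th>
</tr>";

    if ($result !== false) {
        // Emit one row per movie. Every value is HTML-escaped: titles come
        // from the database and must not be able to inject markup or script.
        while ($row = $result->fetch_assoc()) {
            echo "<tr>";
            echo "<td>" . htmlspecialchars((string) $row['Id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
            echo "<td>" . htmlspecialchars((string) $row['Title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
            echo "<td>" . htmlspecialchars((string) $row['Year'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
            echo "</tr>";
        }
        $result->free();
    } else {
        error_log('show_movies: query failed: ' . $conn->error);
    }

    // Always close the table; the original only closed it when there were no rows.
    echo "</table>";
    $conn->close();
}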

/**
 * Normalise a form value: substitute two character sequences, then keep the
 * first 10 bytes.
 *
 * Steps, in order:
 *   1. every single quote becomes the two bytes backslash + double quote
 *      (the replacement literal is single-quoted, so the backslash is kept);
 *   2. every "--" becomes one space;
 *   3. the result is cut to its first 10 bytes (substr is byte-based).
 *
 * NOTE(security): this is not SQL escaping. Backslashes in the input pass
 * through untouched, and the cut runs after the substitution, so it can split
 * the two-byte replacement. Values returned here must still be passed to the
 * database as bound parameters, never concatenated into a statement.
 *
 * @param string $str raw value to normalise
 * @return string at most 10 bytes
 */
function check_str($str){
    // str_replace applies the pairs sequentially, left to right, each on the
    // output of the previous one.
    $needles = ['\'', '--'];
    $substitutes = ['\"', ' '];
    $filtered = str_replace($needles, $substitutes, $str);

    // Keep only the leading 10 bytes.
    return substr($filtered, 0, 10);
}

?>
